Posted
by
Soulskill
on Friday December 03, 2010 @05:57PM
from the picture-is-worth-a-thousand-lies dept.

TJNoffy writes "The H Security's H-online reports that 'Hacker Dmitry Sklyarov has succeeded in extracting the secret signing key from numerous digital SLR cameras and has used it to sign modified images which Canon's latest OSK-E3 security kit verifies as legitimate. Canon's Original Data Security System is intended to show whether changes have been made to photographs and to verify date and location information. The system is primarily used for ensuring the integrity of evidence, for reporting accidents and for construction records.'"

After reading the presentation [elcomsoft.com], I see that you're pretty much right. Each camera model has a different key, which is stored on the camera itself. This is then used to create a HMAC [wikipedia.org].

It doesn't even look like this was all that hard, since the key was so easily extracted. I agree with the conclusion in that presentation: Cannon needs to hire people who understand security, if they want this feature to mean anything.

What idiocy. Couldn't they have used the same public key in every camera then encoded a hash and stuff it in metadata? They would control the secret key and their software would ship the image and metadata to them for validation. Or is that still too simple?

then someone just extracts the public key, create a new hash for the edited image and stuff it in metadata.this suffers from the same problem as copy protection, you have to give the user everything they need to create an arbitrary image and they will always be able to take the hardware apart.

unless you want to pass it through a third party(who can still only verify date and time it was passed through their servers) there's not much you can do on the camera that's foolproof.

There's quite a large numbers of methods for detecting if an image is tampered or not though.Some of them rely on sensor noise in the camera, some on natural image statistics, some on looking for chromatic aberration or slight aberrations in how a particular camera model encodes an image.

there's automated software that detects artifacts, also the compresion pattern passes software uses when making images, there was a guy calculating the lightsources from reflective spherical surfaces (including eyes), there's many ways.

It's an addon that people have been able to get for Canon products for years. I'm not sure of the exact details, but IIRC it was a system that uses a separate memory card to store information for verifying that the image hasn't been altered. I haven't read anything about it recently, but the point of it was to deal with the problems of using digital cameras for the purposes of recording a crime scene and similar sites.

Nikon may make one, but I'm not aware of it if they do. The addon itself is fairly expe

Nikon cameras do. There's an option to turn it on in the menus, but it's off by default. It even verifies the image in-camera, showing a symbol during image review if the image is authentic.
And at this point it's looking a lot more useful than the Canon version, but who knows if some less attention-grabbing person/group has broken it?

This could be a very big deal, if you can use it to establish reasonable doubt. *Many* police agencies use Canon. The traffic light and speeding cameras in Arizona are Canons. Of course, at your trial they will use the whole "controlled chain of custody" argument to say the images could not have been tampered with and the signing will be irrelevant, but who knows?

From what I've seen, usually images are vetted by people, either experts or others being asked by the judge, "Do you swear that these images are authentic?" An affirmative answer to this usually has more weight in our justice system than signatures and certificates, even though it is a lot harder to fake a cryptographic signature than lie under oath. A defense attorney would be rebutted by a prosecutor stating:

"These men swore an oath that this was the authentic image. Versus some random numeric mumbo-jumbo of stuff that can say an image is wrong even when it looks exactly the same to the eye."

If you are lucky, the jury might be clued enough to consider that reasonable doubt. However, most likely the jurors won't be computer savvy. They likely will not know the difference between a PKI system versus a ROT-13 encrypted message and their eyes will glaze over if presented with technical encryption details.

Convincing Joe Sixpack of something takes a different way of thinking than persuading an educated/. person who has a clue about cryptography and knows the difference between actual security versus theater.

Exactly. I don't really understand what this "security" measure is supposed to solve. So we know (if the system hadn't been compromised) that the picture in question has been taken with this specific camera. So what? It does not authenticate what I recorded, only the recording so the picture can be staged any way I like before I press the button and the camera signs the picture.
Well, I guess that they are trying to protect aganst "they photoshopped the picture" but you can of course photoshop it and then

The "deal" is that only the photographer has an opportunity to "photoshop" it (and it isn't easy for him). The homicide detective can't alter them even if he does carry them around in his jacket pocket all weekend.

No they want the courts to recognize pictures taken with a camera using XXX digital security without question. Much in the same manner that courts have set a precedence of blindly believing radar guns to be infallible (when we know scientifically that they are not).

With TPM chips being cracked previously, after apparently being tamper-proof, even if they implemented it using an algorithm that was suitable for the job (i.e. not use SHA but ECC or RSA) it would still be possible to get the signing key. It's flawed in the same way DRM is flawed, you can't give someone else the key and not give them the key at the same time.

Cracking one chip doesn't mean that they all are cracked. The concept is sound, and all it takes is another rev of the chip to have better anti-tamper protection. For example, one cryptographic token maker, someone had a website about being able to use hot water to pop the case in two for access to the chip. They (IIRC) learned their lesson and started using poured epoxy with no seams before putting the case on. None of their newer tokens have been cracked, as far as I know.

Whilst it is true that future updates might be harder to crack, this doesn't diminish the impact of this particular hack - the image authentication on every Canon EOS camera that has already been sold is now untrustable, and can be challenged in court.

In a certain sense you are right that you can't give people the key and not give them the key at the same time. In the same sense public key cryptography does not work because you are giving people the (private) key, just in a form (the public key) that isn't easily accessible. Yet, public key cryptography does work because accessing the private key from the public key is so difficult that it isn't worth the bother. In the same way, you can make cameras where extracting the key is so difficult that it isn't

The private key is never shared, and when you generate a hash from the private key, information in the key is lost making it impossible to reproduce.

If that were not true nobody would bother with encryption, because it would be immediately reversible.

You can always brute force decrypt a key, but it is very difficult. The process works by guessing what the private key is and generating a signature, then seeing if it matches the true signature. Do this enough times and you'll eventually find the pr

you can't give someone else the key and not give them the key at the same time.

You obviously don't know how one-way hashes work (encryption is a two-way or reversible hash, and what you said is true for encryption).

Can you take an MD5 checksum of a file and generate the file? Of course you can't. The checksum does not contain anywhere near the same amount of information as the file contains. But that checksum is a repeatable signature of that file, and you'll notice immediately if it has been tampered with even slightly, because the checksums won't match.

With TPM chips being cracked previously, after apparently being tamper-proof

TPM chips were never claimed to be tamper-proof. One of the fundamental design assumptions was that they would not be secure against someone with access to the hardware. It's right in the documentation. This isn't because it's not possible to make it very hard to tamper with a chip, it's because it's expensive to make a strongly tamper-resistant device.

Of course, it probably is impossible to make a completely tamper-proof device, no matter how much money you put into it, but you can make it hard enough

At the time of his arrest, Dmitry Sklyarov was a 27-year-old Russian citizen, Ph.D. student, cryptographer and father of two small children (a 2-1/2 year old son, and a 3-month-old daughter).

Dmitry helped create the Advanced eBook Processor (AEBPR) software for his Russian employer Elcomsoft. According to the company's website, the software permits eBook owners to translate from Adobe's secure eBook format into the more common Portable Document Format (PDF). The software only works on legitimately purchased eBooks. It has been used by blind people to read otherwise-inaccessible PDF user's manuals, and by people who want to move an eBook from one computer to another (just like anyone can move a music CD from the home player to a portable or car).

Dmitry was arrested July 17, 2001 in Las Vegas, NV, at the behest of Adobe Systems, according to the DOJ complaint, and charged with distributing a product designed to circumvent copyright protection measures (the AEBPR). He was eventually released on $50,000 bail and restricted to California. In December 2001, was permitted to return home to Russia with his family. Charges have not been dropped, and he remains subject to prosecution in the US.

Although Dmitry is home now, the case against Elcomsoft is continuing (to the detriment of the company), Dmitry's actions in Russia are controlled by a US court, and DMCA is still the law (to the detriment of everyone). This site will carry updates as they come...

Thats really old news, and no one seems to have cared enough to update the website. Here are some updates..."The charges against Sklyarov were later dropped in exchange for his testimony. He was allowed to return to Russia on December 13, 2001. On December 18, 2002 following a two-week trial in San Jose, California, a jury found that Elcomsoft had not wilfully violated the U.S. law." -- wikipedia

They relied on chains of custody and affidavits by the photographer, that's how.

And it was a fsckload harder to fake photographs in those days.

There was a news story in the UK a couple of years ago about someone who was taken to court and the photograph produced as evidence was proven to have been faked. I think it was a only a parking fine so probably faked by a private company or some council employee, but I forget the details.

Having been on that side of the industry, there's no way Canon's putting a smart card chip in camera. Why? Cost mostly. And then there's the significant problem of communicating from the camera OS to the smart card chip. And then there's the significant increase in the cost of manufacturing.

They aren't going to hire anyone either. This decision was made long ag

Skylarov has experience with such things, Adobe tried to use the DMCA on him. Who knows if they would have been ultimately successful, instead of going to trial they settled for his expert testimony in another copyright case.

It obviously didn't put him off cracking these things, so he's probably not too worried.

The fact that in the past he has been used as an expert witness in the field of encryption circumvention by an industry giant makes it tough to discredit him with respect to his expertise on the sub

Cost? We're talking about D-model Canons. They are breathtakingly expensive and that's just the barrier to entry so that you can use the even more breathtakingly expensive L-series lenses (which is the point of buying into the Canon system.)

Uh, I think my 450D supports the image authenticity checks, although I don't know if Canon uses a different system in their higher-end cameras. Sure, any DSLR is going to be moderately expensive, but $500 isn't exactly massive in cost.

Also - any camera that supports EF-mount lenses will support the latest-and-greatest L-series lenses. You don't need a $2k camera to use a $2k lens. Their bottom-of-the-line $500 DSLR body will work just fine with them (and the cheaper ones also support the EF-S lenses - on

That doesn't matter. If you can read the area where the private key is stored you can duplicate the signature process and produce another (falsely) verifiable image without the use of the camera.

That's the problem. The authentication process is (practically speaking) unbreakable once it leaves the camera. However, if the camera itself can be broken into and the private key copied, then the most secure authentication process in the world won't prevent a false authentication.

Is it that all he did was extract the signing key from the camera itself and insert it into exif data? If so, all you would need is any valid key and you could replace any metadata you wanted for anything you wanted with any number of utilities.

I'd still get broken eventually. I'd rather not rely on the camera - instead have it hash the picture, then immediately transmit the hash to five different legal firms. This would add a significent expense, of course - but if people feel they'll have a need to prove in court their photo wasn't tampered with, they should be prepared to pay a premium for a camera that comes equipped with a mobile phone network interface.

Publish the original picture encrypted with the photographer's PUBLIC key in a public place or file it with 5 different legal firms. Only the photographer can decrypt it, at least for the time being (*cough*quantumcomputer*cough*).

Then using an independent set of hardware/software have the photographer retrieve the encrypted copy, decrypt it, print it out with the meta-data in human-readable form and a signed digest in a human-readable form, attach a human-readable affidavi

Publish the original picture encrypted with the photographer's PUBLIC key in a public place or file it with 5 different legal firms. Then using an independent set of hardware/software have the photographer retrieve the encrypted copy, decrypt it, print it out with the meta-data in human-readable form and a signed digest in a human-readable form, attach a human-readable affidavit saying "I took this photo at this date and location and the metadata is true and accurate" and have him store that with his files.

Then using an independent set of hardware/software have the photographer retrieve the encrypted copy, decrypt it, print it out with the meta-data in human-readable form and a signed digest in a human-readable form, attach a human-readable affidavit saying "I took this photo at this date and location and the metadata is true and accurate" and have him store that with his files. Have witnesses if it's that important.

But only the photographer's private key can read it. Which means that nobody else can verify. What stops the photographer from replacing the first step with "retrieve encrypted copy, discard, use encrypted copy of modified version"?

And how do they know when the picture was taken? Think detectives are finished going over a crime scene a few minutes after getting there? Of course not. Even if they're done on-scene relatively quickly (large crimes can take days or longer), they'll box all the evidence up and take it back to the lab. Maybe they'll get to it by the end of the week. Maybe not.

Basically, courtworthy photos are being produced long after there's been time to do some photoshopping.

What they should have done was have exactly as you stated -- a tamper resistant CPU, akin to smart cards. This would have a private key generated and stored on the chip. Canon would have a certificate that would sign the private keys (so someone couldn't just fake a private key with a hacked camera body.)

This way, if camera "A" got compromised, every other Canon camera out there would still be protected. It appears that the method they used, if one camera got hacked, every one was broken open because the

It depends on the smart card. I'd love to see someone extract a private key out of a CAC, for example. There are other smart cards which have been completely compromised, but newer ones made within the past couple years are getting to the point of having decent security.

Nothing is 100% secure, but CACs are good enough for the DoD, and that says something.

Really, cryptographic jiggery-pokery is a problem best solved outside the camera. Generating an MD5 or SHA1 onboard is fine(even if you don't care about the crypto, it's a nice check against memory card corruption, and most nicer cameras have the entire frame in memory at some point before writing it to the card so the hashing should be fast); but leaving the crypto to a removable, interchangeable, person/organization unique crypto smartcard would really be the way to go.

That's not true, if I wait till after it's been copied off the camera that means I only know what was submitted is free of tampering from that time on. I have no clue what was done to it before you submitted it. This is why the encryption needs to be on the camera.

That would be the idea. The smartcard would be directly connected to the camera, and a required part of the image-saving processs(if crypto were desired, if you just wanted to happy snap, it would be irrelevant); but would be removable, and would be where all the cryptographic secrets live, and so could be easily subjected to whatever physical security measures suit the organization using it(unlike a mass-market camera, which is going to be physically avaiable to anybody with a few hundred or few thousand d

The resolution of chemical film is high, but far from infinite and it's still just a 2D plane... with a printed 2D image of sufficient resolution, a good lighting setup and a good lens you can get anything you want on film... modelling the original camera and the development process is just that, a modelling problem. A solvable problem.

That doesn't seem particularly relevant, the main problem here is that everything required to do the signing can be extracted from of the camera.

It's a simple necessity that, regardless of precisely how the signature is generated, all the information required to generate signatures is inside the camera and someone with the desire and resources can pull it out.

I think the only protection would be each camera having a unique key and being constructed in such a fashion so that getting at the crypto informa

No matter how you design the camera the system is not secure. The entire concept is, in fact, impossible to implement. All I need to do is take a picture, retouch it however I want, then project it back into the camera using a high-quality lens system.

cool but a camera equipped with autofocus and exposure and white balance surely can detect you're feeding it a fake, if it checks for it of course. Unless of course you completely reverse engineer the camera and simulate the effects of adjustments in the projected scam, which if the camera employed fuzzy logic is not doable.

Maybe a partial retouch over a genuine scene is feasible, but its usefulness is kinda limited.

Yes and no. I'm willing to bet that this being the equivalent of the analogue hole will actually show up quite horribly in the resulting picture. Remember the originals are the verified files so you'd need to project the image at a resolution such that the high resolution sensors won't see it as a screen.

Furthermore there's issues with all pictures laid out in a grid, such as from a digital project or a computer screen. Even if you had a very high resolution system to project the image back into the cam

A sub-micron stage could probably be used to position the camera to line up the projected pixels exactly on top of the CCD elements. I bet you could do well enough to make it impossible to tell by anyone but the most seasoned expert in photoanalysis. And if you need to call in an expert, that same expert will quite easily be able to determine that the image has been retouched. Which, again, makes the entire system quite a waste of time.

I still think you'll get moire effect unless you'll be able to project it at incredible resolutions surpassing that of the sensor, or the exact resolution of the sensor and perfect alignment. This is the downside of lining up two grids, one in the projector the other in the sensor. I'm not sure if the Beyer pattern layout of the pixels will be against you here too, but in any case I think it is currently completely technically infeasible.

Quality alone will give you nothing. You will have to look into the actual type of the lens setup. And what you need here is a process lens (sorry, no Wikipedia entry on that). But even supposing you get the optical setup in shape, then you need a >10Mpixel screen and you need to align it. Supposing you get it and you align it, then you're left with a nice moiré pattern due to other non-linear distortions like shear and barrel. And you need to find an optical way to compensate for them.

You sound like you're much more familiar with optics than me, though I have a bunch of experience on the digital (DSP) side which might assist me. At any rate, whether there is moire or not (I'd call it aliasing and/or nonlinear distortion, not "moire" but I get your point), the produced image will be properly signed by the camera. If the digital signature is to be used as some sort of proof-positive of authenticity, then whoever consumes that image should assume it is authentic.

All you need to do? That doesn't exactly sound easy, especially if EXIF type data is included in the signed data as you'd not only have to project the image correctly but have the camera using settings that are reasonable for the real image.

Any evidence is fakeable, you could assemble custom DNA strands if you wanted to and had sufficient resources.

I think there's a big difference between faking something in an entirely digital fashion and having to undergo difficult physical actions.

If the camera has a clock that is only set at the factory then the timestamp would be wrong as would the gps position if the camera is equipped with a GPS. Saying something is impossible often means one simply hasn't thought of a way to do it yet.

Touche. One of my personal mottos is "You can't achieve what you have already decided is impossible." Thanks for reminding me of it -- however, there is sufficient doubt in the potential of the current system to, in my mind, render it completely invalid from the standpoint of authentication.

No matter how you design the camera the system is not secure. The entire concept is, in fact, impossible to implement. All I need to do is take a picture, retouch it however I want, then project it back into the camera using a high-quality lens system.

Yes in principle, you control the camera's environment so you control all the incident light, but other replies suggest it would be hard in practice.
The real question is this: would it be more or less effort than obtaining the master key via a bribery/blackmail/infiltration/intimidation/ninja attack against cannon ?

No matter how you design the camera the system is not secure. The entire concept is, in fact, impossible to implement. All I need to do is take a picture, retouch it however I want, then project it back into the camera using a high-quality lens system.

I hope Assange realizes this. The only way photos are truly verifiable are those taken on film, which for the most part is extinct.

I can get fake evidence on film just as easily as I can get it on a CCD. Just print out the retouched version and take a photo of said print. This has been pointed out several times already though I think others are overcomplicating matters, claiming that you need perfect alignment and lighting. But as long as people don't know what the original looked like (and if they do, the fake won't work), none of that matters as long as a viewer can't tell it's a photo of a photo instead of an actual scene.

You don't even need to spoof the GPS signals. Just spoof the response from the GPS receiver. Most high-end cameras don't have built-in GPS receivers anyway (much to my dismay), so you end up using an external USB-based GPS receiver. It looks suspiciously like a serial port.... And even if you have a camera that does have integrated GPS, if you're going to the trouble to desolder a CCD, you can remove a GPS chip just as easily.

There are CPUs designed to do what you suggest readily available. Most are ARM based and have a special tamper-proof on-board memory for storing private keys. They do all sorts of things to prevent anyone getting the key, including self-destructing memory that wipes if you try to remove the chip's casing around it or scan it with an electron microscope. Naturally program code is also encrypted to prevent you writing a program that reads out the key and replacing the devices firmware.

You don't seem to have a very good knowledge of cryptography yourself... Good signature algorithms use both a hash and something asymmetric.

Most signature algorithms start with a hash of the original file, because signing a big document would require a lot of computations. This does not reduce the security of the signature, as long as you don't use a broken hash function (and even if your hash function is as broken as MD5, the impact in this kind of scenario would be quite limited). Note that it is actua

For verification you need a private key + a public key. The public key is a hash of the photograph itself. The private key is known only to Canon. The private key absolutely must exist on the camera in order for it to generate a signature of the photo (generated from hash + public key).

For verification all the Canon software needs to do is perform the same operation the camera would have: combine a hash of the photo with the private key and generate a signature. If the two signatures match, the photo is

For verification you need a private key + a public key. The public key is a hash of the photograph itself. The private key is known only to Canon. The private key absolutely must exist on the camera in order for it to generate a signature of the photo (generated from hash + public key).

For verification all the Canon software needs to do is perform the same operation the camera would have: combine a hash of the photo with the private key and generate a signature. If the two signatures match, the photo is verified.

You're rambling, and it's a bit obvious you don't understand how PKI works. Verification does NOT require the private key. You need the public key, and the public key of any root or intermediate certs used to create the certificate in the camera.

They blew it entirely if every camera has the same signing certificate as well. What they should have is a root CA, and intermediate CA which issues certificates to each camera based on their serial number. This would also imply the certificate is not part of the software but perhaps burned into an eeprom on the camera . Then the signed photos "bogus or not" would have the serial number of the camera. To forge the photo and have it appear to come from a particuler camera still may not be that difficult,